diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-openbao-backups-rclone-source-config.yaml similarity index 64% rename from clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml rename to clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-openbao-backups-rclone-source-config.yaml index 3b76ce2ce..94fba2951 100644 --- a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml +++ b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-openbao-backups-rclone-source-config.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: garage-postgres-backups-secret - namespace: rclone + name: openbao-backups-rclone-source-config + namespace: cloudnative-pg labels: - app.kubernetes.io/name: garage-postgres-backups-secret - app.kubernetes.io/instance: rclone - app.kubernetes.io/part-of: rclone + helm.sh/chart: rclone-postgres-backups-external-0.4.1 + app.kubernetes.io/instance: cloudnative-pg + app.kubernetes.io/part-of: cloudnative-pg + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: openbao-backups-rclone-source-config spec: secretStoreRef: kind: ClusterSecretStore @@ -16,19 +19,15 @@ spec: remoteRef: key: /garage/home-infra/postgres-backups property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: key: /garage/home-infra/postgres-backups property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_REGION - secretKey: SRC_ENDPOINT remoteRef: key: /garage/config property: ENDPOINT_LOCAL - - secretKey: DEST_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_REMOTE 
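Review bot: The renamed ExternalSecret is called `openbao-backups-rclone-source-config` in the first hunk, yet it lives in `cloudnative-pg`, carries the `rclone-postgres-backups-external-0.4.1` chart label and reads `/garage/home-infra/postgres-backups`. The name looks like a values copy-paste from the openbao release. As rendered, the Secret holding the Postgres backup key is labelled as an OpenBao one, which makes credential audits misleading. Any consumer from this chart that expects a `postgres-backups-…-source-config` Secret would not find it under this name. I would give it a `postgres-backups` based name that does not collide with the `postgres-backups-rclone-source-config` object the `-remote` chart adds later in this diff.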
diff --git a/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-ecc1010276b61716-rclone-destination-config.yaml b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-ecc1010276b61716-rclone-destination-config.yaml new file mode 100644 index 000000000..632559c6f --- /dev/null +++ b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-ecc1010276b61716-rclone-destination-config.yaml @@ -0,0 +1,33 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: postgres-backups-ecc1010276b61716-rclone-destination-config + namespace: cloudnative-pg + labels: + helm.sh/chart: rclone-postgres-backups-external-0.4.1 + app.kubernetes.io/instance: cloudnative-pg + app.kubernetes.io/part-of: cloudnative-pg + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgres-backups-ecc1010276b61716-rclone-destination-config +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + key: /digital-ocean/home-infra/postgres-backups + property: AWS_ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + key: /digital-ocean/home-infra/postgres-backups + property: AWS_SECRET_ACCESS_KEY + - secretKey: ACCESS_REGION + remoteRef: + key: /digital-ocean/home-infra/postgres-backups + property: AWS_REGION + - secretKey: DEST_ENDPOINT + remoteRef: + key: /digital-ocean/config + property: ENDPOINT diff --git a/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-rclone-destination-config.yaml b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-rclone-destination-config.yaml new file mode 100644 index 000000000..92e8f9b2b --- /dev/null +++ b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-rclone-destination-config.yaml 
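Review bot: The three credential entries in this new file read `property: AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_REGION`, while the DigitalOcean ExternalSecret for openbao later in this diff reads `ACCESS_KEY_ID`, `ACCESS_SECRET_KEY` and `ACCESS_REGION` from its `/digital-ocean/home-infra/...` entry. If the store entry at `/digital-ocean/home-infra/postgres-backups` does not really use the `AWS_`-prefixed field names, this ExternalSecret will fail to sync and the target Secret will not be created. This same commit corrects wrong `property` values in three other ExternalSecrets, so the names are worth confirming against the store before merge.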
@@ -0,0 +1,33 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: postgres-backups-rclone-destination-config + namespace: cloudnative-pg + labels: + helm.sh/chart: rclone-postgres-backups-remote-0.4.1 + app.kubernetes.io/instance: cloudnative-pg + app.kubernetes.io/part-of: cloudnative-pg + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgres-backups-rclone-destination-config +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_REGION + - secretKey: DEST_ENDPOINT + remoteRef: + key: /garage/config + property: ENDPOINT_REMOTE diff --git a/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-rclone-source-config.yaml b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-rclone-source-config.yaml new file mode 100644 index 000000000..1ac9648e3 --- /dev/null +++ b/clusters/cl01tl/manifests/cloudnative-pg/ExternalSecret-postgres-backups-rclone-source-config.yaml 
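Review bot: Source and destination credentials for the Postgres backup sync come from one store entry: this file and `ExternalSecret-postgres-backups-rclone-source-config.yaml` (the next file) both map `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY` from `/garage/home-infra/postgres-backups` and differ only in the endpoint property. If that is a single key accepted by both Garage endpoints, anyone who obtains it can read the primary backups and also delete the replica, so the replica adds no protection against a leaked key. A separate key per side, limited to read on the source bucket, would keep the two copies independent. The openbao pair (`openbao-backups-rclone-destination-config` and `openbao-backups-rclone-source-config`) has the same shape.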
@@ -0,0 +1,33 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: postgres-backups-rclone-source-config + namespace: cloudnative-pg + labels: + helm.sh/chart: rclone-postgres-backups-remote-0.4.1 + app.kubernetes.io/instance: cloudnative-pg + app.kubernetes.io/part-of: cloudnative-pg + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgres-backups-rclone-source-config +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + key: /garage/home-infra/postgres-backups + property: ACCESS_REGION + - secretKey: SRC_ENDPOINT + remoteRef: + key: /garage/config + property: ENDPOINT_LOCAL diff --git a/clusters/cl01tl/manifests/directus/CronJob-directus-directus-assets-rclone.yaml b/clusters/cl01tl/manifests/directus/CronJob-directus-directus-assets-rclone.yaml index 23bccbba9..1e15c213e 100644 --- a/clusters/cl01tl/manifests/directus/CronJob-directus-directus-assets-rclone.yaml +++ b/clusters/cl01tl/manifests/directus/CronJob-directus-directus-assets-rclone.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: directus-assets-rclone app.kubernetes.io/version: v1.73.5 - helm.sh/chart: rclone-directus-assets-remote-0.2.0 + helm.sh/chart: rclone-directus-assets-remote-0.4.1 namespace: directus spec: suspend: false diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-destination-config.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-destination-config.yaml index 79fcb2101..7a4043227 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-destination-config.yaml 
+++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-destination-config.yaml @@ -4,10 +4,10 @@ metadata: name: directus-assets-rclone-destination-config namespace: directus labels: - helm.sh/chart: rclone-directus-assets-remote-0.2.0 + helm.sh/chart: rclone-directus-assets-remote-0.4.1 app.kubernetes.io/instance: directus app.kubernetes.io/part-of: directus - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: directus-assets-rclone-destination-config spec: @@ -22,11 +22,11 @@ spec: - secretKey: ACCESS_SECRET_KEY remoteRef: key: /garage/home-infra/directus-assets - property: ACCESS_KEY_ID + property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: key: /garage/home-infra/directus-assets - property: ACCESS_KEY_ID + property: ACCESS_REGION - secretKey: DEST_ENDPOINT remoteRef: key: /garage/config diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-source-config.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-source-config.yaml index 6b387b5bb..3c8746a3d 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-source-config.yaml +++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-assets-rclone-source-config.yaml @@ -4,10 +4,10 @@ metadata: name: directus-assets-rclone-source-config namespace: directus labels: - helm.sh/chart: rclone-directus-assets-remote-0.2.0 + helm.sh/chart: rclone-directus-assets-remote-0.4.1 app.kubernetes.io/instance: directus app.kubernetes.io/part-of: directus - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: directus-assets-rclone-source-config spec: 
diff --git a/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml b/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml index e259289c6..740ccf80f 100644 --- a/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml +++ b/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: karakeep-assets-rclone app.kubernetes.io/version: v1.73.5 - helm.sh/chart: rclone-karakeep-assets-remote-0.2.0 + helm.sh/chart: rclone-karakeep-assets-remote-0.4.1 namespace: karakeep spec: suspend: false diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-destination-config.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-destination-config.yaml index b04ed55e8..a82990c3a 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-destination-config.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-destination-config.yaml @@ -4,10 +4,10 @@ metadata: name: karakeep-assets-rclone-destination-config namespace: karakeep labels: - helm.sh/chart: rclone-karakeep-assets-remote-0.2.0 + helm.sh/chart: rclone-karakeep-assets-remote-0.4.1 app.kubernetes.io/instance: karakeep app.kubernetes.io/part-of: karakeep - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: karakeep-cloudflared-secret app.kubernetes.io/name: karakeep-assets-rclone-destination-config @@ -23,11 +23,11 @@ spec: - secretKey: ACCESS_SECRET_KEY remoteRef: key: /garage/home-infra/karakeep-assets - property: ACCESS_KEY_ID + property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: key: /garage/home-infra/karakeep-assets - property: ACCESS_KEY_ID + property: ACCESS_REGION - secretKey: DEST_ENDPOINT remoteRef: key: /garage/config 
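Review bot: The `labels` mapping shown as context in the `@@ -4,10 +4,10 @@` hunk of `ExternalSecret-karakeep-assets-rclone-destination-config.yaml` has `app.kubernetes.io/name` twice, first `karakeep-cloudflared-secret` and then `karakeep-assets-rclone-destination-config`. Duplicate mapping keys are invalid YAML: lenient parsers keep the last value and strict ones reject the document, so the result depends on the tool that applies it. The stray `app.kubernetes.io/name: karakeep-cloudflared-secret` line should be removed in the values or template that render this label block. `ExternalSecret-karakeep-assets-rclone-source-config.yaml` carries the same duplicate.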
diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-source-config.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-source-config.yaml index 03e07a606..6bfdf2ae7 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-source-config.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-assets-rclone-source-config.yaml @@ -4,10 +4,10 @@ metadata: name: karakeep-assets-rclone-source-config namespace: karakeep labels: - helm.sh/chart: rclone-karakeep-assets-remote-0.2.0 + helm.sh/chart: rclone-karakeep-assets-remote-0.4.1 app.kubernetes.io/instance: karakeep app.kubernetes.io/part-of: karakeep - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: karakeep-cloudflared-secret app.kubernetes.io/name: karakeep-assets-rclone-source-config diff --git a/clusters/cl01tl/manifests/ntfy/CronJob-ntfy-ntfy-attachments-rclone.yaml b/clusters/cl01tl/manifests/ntfy/CronJob-ntfy-ntfy-attachments-rclone.yaml index b4a3a3acd..eb44daaba 100644 --- a/clusters/cl01tl/manifests/ntfy/CronJob-ntfy-ntfy-attachments-rclone.yaml +++ b/clusters/cl01tl/manifests/ntfy/CronJob-ntfy-ntfy-attachments-rclone.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ntfy-attachments-rclone app.kubernetes.io/version: v1.73.5 - helm.sh/chart: rclone-ntfy-attachments-remote-0.2.0 + helm.sh/chart: rclone-ntfy-attachments-remote-0.4.1 namespace: ntfy spec: suspend: false diff --git a/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-destination-config.yaml b/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-destination-config.yaml index 7bcbf978b..b86db25b1 100644 --- a/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-destination-config.yaml 
+++ b/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-destination-config.yaml @@ -4,10 +4,10 @@ metadata: name: ntfy-attachments-rclone-destination-config namespace: ntfy labels: - helm.sh/chart: rclone-ntfy-attachments-remote-0.2.0 + helm.sh/chart: rclone-ntfy-attachments-remote-0.4.1 app.kubernetes.io/instance: ntfy app.kubernetes.io/part-of: ntfy - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ntfy-attachments-rclone-destination-config spec: @@ -22,11 +22,11 @@ spec: - secretKey: ACCESS_SECRET_KEY remoteRef: key: /garage/home-infra/ntfy-attachments - property: ACCESS_KEY_ID + property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: key: /garage/home-infra/ntfy-attachments - property: ACCESS_KEY_ID + property: ACCESS_REGION - secretKey: DEST_ENDPOINT remoteRef: key: /garage/config diff --git a/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-source-config.yaml b/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-source-config.yaml index b67dce108..ed768e13c 100644 --- a/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-source-config.yaml +++ b/clusters/cl01tl/manifests/ntfy/ExternalSecret-ntfy-attachments-rclone-source-config.yaml @@ -4,10 +4,10 @@ metadata: name: ntfy-attachments-rclone-source-config namespace: ntfy labels: - helm.sh/chart: rclone-ntfy-attachments-remote-0.2.0 + helm.sh/chart: rclone-ntfy-attachments-remote-0.4.1 app.kubernetes.io/instance: ntfy app.kubernetes.io/part-of: ntfy - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ntfy-attachments-rclone-source-config spec: 
diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-remote.yaml b/clusters/cl01tl/manifests/openbao/CronJob-openbao-openbao-backups-rclone.yaml similarity index 74% rename from clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-remote.yaml rename to clusters/cl01tl/manifests/openbao/CronJob-openbao-openbao-backups-rclone.yaml index 5e60326ca..ce2c8a311 100644 --- a/clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-remote.yaml +++ b/clusters/cl01tl/manifests/openbao/CronJob-openbao-openbao-backups-rclone.yaml @@ -1,14 +1,15 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: rclone-openbao-backups-remote + name: openbao-openbao-backups-rclone labels: - app.kubernetes.io/controller: openbao-backups-remote - app.kubernetes.io/instance: rclone + app.kubernetes.io/controller: main + app.kubernetes.io/instance: openbao app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rclone - helm.sh/chart: rclone-4.6.2 - namespace: rclone + app.kubernetes.io/name: openbao-backups-rclone + app.kubernetes.io/version: v1.73.5 + helm.sh/chart: rclone-openbao-backups-remote-0.4.1 + namespace: openbao spec: suspend: false concurrencyPolicy: Forbid @@ -24,9 +25,9 @@ spec: template: metadata: labels: - app.kubernetes.io/controller: openbao-backups-remote - app.kubernetes.io/instance: rclone - app.kubernetes.io/name: rclone + app.kubernetes.io/controller: main + app.kubernetes.io/instance: openbao + app.kubernetes.io/name: openbao-backups-rclone spec: enableServiceLinks: false serviceAccountName: default 
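Review bot: The pod template keeps `serviceAccountName: default`, visible as the last context line of the `@@ -24,9 +25,9 @@` hunk, while the job moves from the `rclone` namespace into `openbao`. The rclone containers only talk to S3 endpoints, so they do not need a Kubernetes API token, and anything bound to the `default` account in the `openbao` namespace would be usable from this pod. The token setting is outside the hunk; the deleted sibling CronJobs in this commit show `automountServiceAccountToken: true`, so it is probably still on here. I would set `automountServiceAccountToken: false` and use a dedicated service account for the backup job.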
@@ -54,32 +55,33 @@ spec: valueFrom: secretKeyRef: key: ACCESS_KEY_ID - name: garage-openbao-backups-secret + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY - name: garage-openbao-backups-secret + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION - name: garage-openbao-backups-secret + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: - key: ENDPOINT_REMOTE - name: garage-openbao-backups-secret + key: DEST_ENDPOINT + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 + imagePullPolicy: IfNotPresent name: prune - args: - sync - src:openbao-backups - dest:openbao-backups - --s3-no-check-bucket - - --max-age + - --min-age - 90d - --verbose env: @@ -95,22 +97,22 @@ spec: valueFrom: secretKeyRef: key: ACCESS_KEY_ID - name: garage-openbao-backups-secret + name: openbao-backups-rclone-source-config - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY - name: garage-openbao-backups-secret + name: openbao-backups-rclone-source-config - name: RCLONE_CONFIG_SRC_REGION valueFrom: secretKeyRef: key: ACCESS_REGION - name: garage-openbao-backups-secret + name: openbao-backups-rclone-source-config - name: RCLONE_CONFIG_SRC_ENDPOINT valueFrom: secretKeyRef: - key: ENDPOINT_LOCAL - name: garage-openbao-backups-secret + key: SRC_ENDPOINT + name: openbao-backups-rclone-source-config - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" - name: RCLONE_CONFIG_DEST_TYPE 
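Review bot: The `sync` container's age filter changes from `--max-age` to `--min-age` with the same `90d` value, which inverts the selection in rclone: `--max-age 90d` transfers objects newer than 90 days, `--min-age 90d` only objects older than that. As written, fresh OpenBao snapshots would not reach `dest:openbao-backups` until they are about three months old. The `prune` container's args are outside this hunk; if it still deletes with `--min-age 90d` as the deleted sibling jobs did, the replica would hold almost nothing usable. I would keep `- --max-age` on the sync step and leave `--min-age` to the prune step.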
@@ -123,23 +125,24 @@ spec: valueFrom: secretKeyRef: key: ACCESS_KEY_ID - name: garage-openbao-backups-secret + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY - name: garage-openbao-backups-secret + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION - name: garage-openbao-backups-secret + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: - key: ENDPOINT_REMOTE - name: garage-openbao-backups-secret + key: DEST_ENDPOINT + name: openbao-backups-rclone-destination-config - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 + imagePullPolicy: IfNotPresent name: sync diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-external-openbao-backups-secret.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-6e088aad5fad110b-rclone-destination-config.yaml similarity index 53% rename from clusters/cl01tl/manifests/rclone/ExternalSecret-external-openbao-backups-secret.yaml rename to clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-6e088aad5fad110b-rclone-destination-config.yaml index 8ceac11c8..c243e88ad 100644 --- a/clusters/cl01tl/manifests/rclone/ExternalSecret-external-openbao-backups-secret.yaml +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-6e088aad5fad110b-rclone-destination-config.yaml 
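Review bot: `RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE`, a context line near the end of the `@@ -123,23 +125,24 @@` hunk, does not follow the `RCLONE_CONFIG_<REMOTE>_<OPTION>` pattern for either remote, so rclone most likely ignores it. The `prune` container in the previous hunk likewise sets `RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE` although it defines only the `dest` remote. If path-style addressing matters for the destination endpoint, the name should be `RCLONE_CONFIG_DEST_FORCE_PATH_STYLE`, fixed in the chart that renders this env list. The container spec starts outside the hunk.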
@@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: external-openbao-backups-secret - namespace: rclone + name: openbao-backups-6e088aad5fad110b-rclone-destination-config + namespace: openbao labels: - app.kubernetes.io/name: external-openbao-backups-secret - app.kubernetes.io/instance: rclone - app.kubernetes.io/part-of: rclone + helm.sh/chart: rclone-openbao-backups-external-0.4.1 + app.kubernetes.io/instance: openbao + app.kubernetes.io/part-of: openbao + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: openbao-backups-6e088aad5fad110b-rclone-destination-config spec: secretStoreRef: kind: ClusterSecretStore @@ -16,11 +19,15 @@ spec: remoteRef: key: /digital-ocean/home-infra/openbao-backups property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /digital-ocean/home-infra/openbao-backups - property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: key: /digital-ocean/home-infra/openbao-backups property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + key: /digital-ocean/home-infra/openbao-backups + property: ACCESS_REGION + - secretKey: DEST_ENDPOINT + remoteRef: + key: /digital-ocean/config + property: ENDPOINT diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-rclone-destination-config.yaml similarity index 50% rename from clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml rename to clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-rclone-destination-config.yaml index d46b6897a..62f7e6227 100644 --- a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-rclone-destination-config.yaml 
@@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: garage-talos-backups-secret - namespace: rclone + name: openbao-backups-rclone-destination-config + namespace: openbao labels: - app.kubernetes.io/name: garage-talos-backups-secret - app.kubernetes.io/instance: rclone - app.kubernetes.io/part-of: rclone + helm.sh/chart: rclone-openbao-backups-remote-0.4.1 + app.kubernetes.io/instance: openbao + app.kubernetes.io/part-of: openbao + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: openbao-backups-rclone-destination-config spec: secretStoreRef: kind: ClusterSecretStore @@ -14,20 +17,16 @@ spec: data: - secretKey: ACCESS_KEY_ID remoteRef: - key: /garage/home-infra/talos-backups + key: /garage/home-infra/openbao-backups property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/talos-backups - property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: - key: /garage/home-infra/talos-backups + key: /garage/home-infra/openbao-backups property: ACCESS_SECRET_KEY - - secretKey: SRC_ENDPOINT + - secretKey: ACCESS_REGION remoteRef: - key: /garage/config - property: ENDPOINT_LOCAL + key: /garage/home-infra/openbao-backups + property: ACCESS_REGION - secretKey: DEST_ENDPOINT remoteRef: key: /garage/config diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-openbao-backups-secret.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-rclone-source-config.yaml similarity index 62% rename from clusters/cl01tl/manifests/rclone/ExternalSecret-garage-openbao-backups-secret.yaml rename to clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-rclone-source-config.yaml index 811d49369..b5446dde2 100644 --- a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-openbao-backups-secret.yaml +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-backups-rclone-source-config.yaml 
@@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: garage-openbao-backups-secret - namespace: rclone + name: openbao-backups-rclone-source-config + namespace: openbao labels: - app.kubernetes.io/name: garage-openbao-backups-secret - app.kubernetes.io/instance: rclone - app.kubernetes.io/part-of: rclone + helm.sh/chart: rclone-openbao-backups-remote-0.4.1 + app.kubernetes.io/instance: openbao + app.kubernetes.io/part-of: openbao + app.kubernetes.io/version: "0.4.1" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: openbao-backups-rclone-source-config spec: secretStoreRef: kind: ClusterSecretStore @@ -16,19 +19,15 @@ spec: remoteRef: key: /garage/home-infra/openbao-backups property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/openbao-backups - property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: key: /garage/home-infra/openbao-backups property: ACCESS_SECRET_KEY - - secretKey: ENDPOINT_LOCAL + - secretKey: ACCESS_REGION + remoteRef: + key: /garage/home-infra/openbao-backups + property: ACCESS_REGION + - secretKey: SRC_ENDPOINT remoteRef: key: /garage/config property: ENDPOINT_LOCAL - - secretKey: ENDPOINT_REMOTE - remoteRef: - key: /garage/config - property: ENDPOINT_REMOTE diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-external.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-external.yaml deleted file mode 100644 index 5f458a9a6..000000000 --- a/clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-external.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: rclone-openbao-backups-external - labels: - app.kubernetes.io/controller: openbao-backups-external - app.kubernetes.io/instance: rclone - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rclone - helm.sh/chart: rclone-4.6.2 - namespace: rclone -spec: - suspend: false - concurrencyPolicy: Forbid - startingDeadlineSeconds: 30 - timeZone: America/Chicago - schedule: "10 1 * * *" - successfulJobsHistoryLimit: 1 - failedJobsHistoryLimit: 1 - jobTemplate: - spec: - parallelism: 1 - backoffLimit: 3 - template: - metadata: - labels: - app.kubernetes.io/controller: openbao-backups-external - app.kubernetes.io/instance: rclone - app.kubernetes.io/name: rclone - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - restartPolicy: Never - containers: - - args: - - delete - - dest:openbao-backups-6e088aad5fad110b - - --min-age - - 90d - - --verbose - env: - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: DigitalOcean - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: external-openbao-backups-secret - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: external-openbao-backups-secret - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: external-openbao-backups-secret - - name: RCLONE_CONFIG_DEST_ENDPOINT - value: https://nyc3.digitaloceanspaces.com - - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE - value: "true" - image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - name: prune - - args: - - sync - - src:openbao-backups - - dest:openbao-backups-6e088aad5fad110b - - 
--s3-no-check-bucket - - --max-age - - 90d - - --verbose - env: - - name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-openbao-backups-secret - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-openbao-backups-secret - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-openbao-backups-secret - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - key: ENDPOINT_LOCAL - name: garage-openbao-backups-secret - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: "true" - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: DigitalOcean - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: external-openbao-backups-secret - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: external-openbao-backups-secret - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: external-openbao-backups-secret - - name: RCLONE_CONFIG_DEST_ENDPOINT - value: https://nyc3.digitaloceanspaces.com - - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE - value: "true" - image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - name: sync diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml deleted file mode 100644 index 51873cb59..000000000 --- a/clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: rclone-postgres-backups - labels: - app.kubernetes.io/controller: postgres-backups - app.kubernetes.io/instance: rclone - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rclone - helm.sh/chart: rclone-4.6.2 - namespace: rclone -spec: - suspend: false - concurrencyPolicy: Forbid - startingDeadlineSeconds: 30 - timeZone: America/Chicago - schedule: "40 0 * * *" - successfulJobsHistoryLimit: 1 - failedJobsHistoryLimit: 1 - jobTemplate: - spec: - parallelism: 1 - backoffLimit: 3 - template: - metadata: - labels: - app.kubernetes.io/controller: postgres-backups - app.kubernetes.io/instance: rclone - app.kubernetes.io/name: rclone - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - restartPolicy: Never - containers: - - args: - - delete - - dest:postgres-backups - - --min-age - - 30d - - --verbose - env: - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - key: DEST_ENDPOINT - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: "true" - image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - name: prune - - args: - - sync - - src:postgres-backups - - dest:postgres-backups - - --s3-no-check-bucket - - --max-age - 
- 30d - - --include - - /cl01tl/*/*/*/base/** - - --exclude - - '**/walls/**' - - --verbose - env: - - name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - key: SRC_ENDPOINT - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: "true" - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - key: DEST_ENDPOINT - name: garage-postgres-backups-secret - - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE - value: "true" - image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - name: sync diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-talos-backups.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-talos-backups.yaml deleted file mode 100644 index f23385b46..000000000 
--- a/clusters/cl01tl/manifests/rclone/CronJob-rclone-talos-backups.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: rclone-talos-backups - labels: - app.kubernetes.io/controller: talos-backups - app.kubernetes.io/instance: rclone - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rclone - helm.sh/chart: rclone-4.6.2 - namespace: rclone -spec: - suspend: false - concurrencyPolicy: Forbid - startingDeadlineSeconds: 30 - timeZone: America/Chicago - schedule: "20 0 * * *" - successfulJobsHistoryLimit: 1 - failedJobsHistoryLimit: 1 - jobTemplate: - spec: - parallelism: 1 - backoffLimit: 3 - template: - metadata: - labels: - app.kubernetes.io/controller: talos-backups - app.kubernetes.io/instance: rclone - app.kubernetes.io/name: rclone - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - restartPolicy: Never - containers: - - args: - - delete - - dest:talos-backups - - --min-age - - 90d - - --verbose - env: - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - key: DEST_ENDPOINT - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: "true" - image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - name: prune - - args: - - sync - - src:talos-backups - - dest:talos-backups - - --s3-no-check-bucket - - --max-age - - 90d - - --verbose - env: - 
- name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - key: SRC_ENDPOINT - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: "true" - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: "false" - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ACCESS_SECRET_KEY - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - key: ACCESS_REGION - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - key: DEST_ENDPOINT - name: garage-talos-backups-secret - - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE - value: "true" - image: rclone/rclone:1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - name: sync diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets-rclone.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets-rclone.yaml index 318ec3fac..dcf622b5b 100644 --- a/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets-rclone.yaml +++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets-rclone.yaml 
@@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: web-assets-rclone app.kubernetes.io/version: v1.73.5 - helm.sh/chart: rclone-web-assets-remote-0.2.0 + helm.sh/chart: rclone-web-assets-remote-0.4.1 namespace: rclone spec: suspend: false diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-destination-config.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-destination-config.yaml index d0f668805..0b3b11ffa 100644 --- a/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-destination-config.yaml +++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-destination-config.yaml @@ -4,10 +4,10 @@ metadata: name: web-assets-rclone-destination-config namespace: rclone labels: - helm.sh/chart: rclone-web-assets-remote-0.2.0 + helm.sh/chart: rclone-web-assets-remote-0.4.1 app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: web-assets-rclone-destination-config spec: @@ -22,11 +22,11 @@ spec: - secretKey: ACCESS_SECRET_KEY remoteRef: key: /garage/home-infra/web-assets - property: ACCESS_KEY_ID + property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: key: /garage/home-infra/web-assets - property: ACCESS_KEY_ID + property: ACCESS_REGION - secretKey: DEST_ENDPOINT remoteRef: key: /garage/config diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-source-config.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-source-config.yaml index bc03d1b3e..c4ada3f8a 100644 --- a/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-source-config.yaml +++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-web-assets-rclone-source-config.yaml 
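Review bot: In the `@@ -22,11 +22,11 @@` hunk of ExternalSecret-web-assets-rclone-destination-config.yaml, the entries for `/garage/home-infra/web-assets` still pair each `secretKey` with a hand-written `property`, the pattern that let ACCESS_SECRET_KEY and ACCESS_REGION both read `ACCESS_KEY_ID` until this commit without anything failing at apply time. The file is labelled `app.kubernetes.io/managed-by: Helm`, so the durable fix presumably belongs in the chart template, where one `dataFrom` entry with `extract: {key: /garage/home-infra/web-assets}` would copy the properties under their own names. That form syncs every property stored at the path, so it only fits if the path holds nothing beyond these credentials. If the explicit list stays, a check on the rendered manifests that `property` equals `secretKey` for these entries would catch a repeat. The DEST_ENDPOINT entry continues past the end of the hunk.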
@@ -4,10 +4,10 @@ metadata: name: web-assets-rclone-source-config namespace: rclone labels: - helm.sh/chart: rclone-web-assets-remote-0.2.0 + helm.sh/chart: rclone-web-assets-remote-0.4.1 app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone - app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/version: "0.4.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: web-assets-rclone-source-config spec: